Ideagen Luminate logo Ideagen Luminate logo
Navigation
Need help?
Send feedback
Sign in
This page does not meet FedRAMP security standards. Please avoid entering sensitive or classified information. Learn more
Learn more
Learn more

Looking for help?

Common queries

View all

Send us feedback

Megaphone illustration

Before you start

This form is for Ideagen Luminate feedback only. Your submission will not receive a response.

Looking for support? Select the solution you need help with and open a ticket with us.
New article Recently updated

Setting up Google Workspace for SAML-based Single Sign-On (SSO)

By sueann.see@ideagen.com
  • Last updated
⌘ K
Search this article
Print this article

Who is this article for?

Administrators responsible for managing organization security settings in Ideagen Hub.

Admin Console access is required.

You can set up Google Workspace as your corporate identity provider (IDP) in Ideagen Hub using SAML, which is the preferred protocol since Google Workspace has limited OIDC SSO support.

To use an external identity provider like Google, you will need to ensure the Hub user's authentication type is set to External.

This article outlines how to configure a new SAML app in the Google Workspace Admin console and link it to Ideagen Hub.

1. Creating an SAML app

To create a SAML app in Microsoft Entra:

  1. Go to Google Workspace.

  2. Log in to the Admin console.

  1. Expand Apps.

  2. Select Web and mobile apps.

  3. Click Add app.

  4. Select Add custom SAML app.

  1. Enter a name for your app.

  2. Click Continue.

  1. Click Download Metadata.
    Keep the file in a secure place where you can easily access it, as you will need to upload it to Ideagen Hub later to finish setting up the SSO configuration.

2. Configuring the SAML app

2.1. Identifier and Reply URL

Once you have created the SAML application in Google Workspace, you will need to configure the Identifier and Reply URL.

To configure these:

  1. Sign in to Ideagen Hub. 
  2. Navigate to the Admin Console.
  3. Go to the Security Center.
  4. Select Authentication.
  5. Select Eternal IDP Configuration
  6. Click Add Identity Provider.
  7. Select SAML.
  8. Click Next.
    You will see the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL).
  1. Copy these values to your identity provider app.
  2. Click Continue.

Note
Entity ID represents an organization or a single Ideagen Hub subdomain.

3. Configuring attribute mapping

3.1. Email attribute

Whether your organisation uses Email as the login identifier, you will need to add the email attribute in Google Workspace and map the email attribute in Ideagen Hub. 

To configure the attribute:

  1. Go to the application in Google Workspace.

  2. Select Primary email under Google Directory attributes.

  3. Set the value to email.
  4. Copy this value.
  1. Go to Ideagen Hub.
  2. Scroll down to the Attribute mapping section.
  3. Paste the attribute name in the SAML attribute field next to the email User pool attribute.

3.2 Username

If your organisation uses Username as login identifier, you must map the email and preferred_username attributes in Ideagen Hub.

To configure the attribute:

  1. Go to the application in Google Workspace.

  2. Click Add mapping.

  3. Create an attribute with a unique, unchanging value for each user.
    For example, employee_id.
  4. Copy this value.
  1. Go to Ideagen Hub.
  2. Scroll down to the Attribute mapping section.

  3. Paste the claim name in the SAML attribute field next to the preferred_username User pool attribute.

5. Activating the app

When the SAML app is created in Google Workspace, it will be off for everyone by default.

To activate the app:

  1. Click the Arrow next to User access.
  1. Assign users by Groups or Organisation Units.
  2. Set Service status to ON.
  3. Click Override.

Further reading

What do you think about this article?

Your feedback helps us improve

More articles in this section

Looking for more help? Ask the Community

On this page